Method for integrity metrics management

Abstract

A system for recording an expected value which a hash value of each of a plurality of the components in this system should take on. The system further records in association with secret information an expected value of integrity information which serves as a condition for permitting access to the secret information. The system includes a register for storing integrity information for certifying the integrity of the components. In the system, a value computed by further inputting to a hash function the expected values which hash values of the components should take on is stored in the register as the integrity information before the components are started. Then, a hash value of a component newly started is computed, and the integrity information of the register is updated on condition that the computed hash value is different from the expected value. Access to the secret information is permitted on condition that the expected value of the integrity information and the integrity information of the register are identical.

Description

BACKGROUND OF THE INVENTION[0001]The present invention relates to a system for controlling access to secret information. In particular, the present invention relates to a system for preventing the leakage of secret information caused by the tampering with the system.[0002]In recent years, technologies of data encryption and electronic signatures are becoming indispensable to information communications. Encryption and electronic signatures require secret information such as a cryptographic key. This secret information must be managed so as not to be leaked to an outsider. Accordingly, in many cases, secret information is stored in a storage area in a storage device which only an administrator thereof can access. However, in the case where communication software which uses the secret information has been tampered with by a malicious user, the secret information may be leaked against the intention of the administrator.[0003]To cope with this problem, the technology of determining the i...

AI Technical Summary

Benefits of technology

[0016]FIG. 3 shows the functional co

Problems solved by technology

However, in the case where communication software which uses the secret information has been tampered with by a malicious user, the secret information may be leaked against the intention of the administrator.

However, in this technology, it is difficult to determine whether or not the integrity of software itself for realizing this technology is maintained.

That is, for example, in the case where the software itself for inspecting computer viruses is infected by a computer virus, it is difficult to determine the integrity of the inspection software.

In the TPM, access to the PCR is physically limited.

That is, even if a malicious user tries to disassemble the information processing device, he or she cannot read the value of the PCR.

This value is computed by a hash function, which is a one-way function, and is therefore difficult to forge.

Furthermore, the probability that a value identical with this value will be generated by chance is also very low.

However, in a system in which a large number of software components are configured in a complicated manner, there are cases where the start-up sequence of the software components changes every time the system is started.

Thus, access to secret information protected by the value of the PCR cannot be appropriately controlled in a state in which some of the software components are not started.

Thus, the manufacturing costs and power consumption of the TPM increase greatly.

However, even with this technology, the data size of the SML is larger than that of the PCR, and application for controlling the readout of secret information is difficult.

Images